
"Organizations are heavily investing in zero trust, a security framework that requires strict verification and ongoing monitoring of every user, device, and application. As of 2025, the size of the zero trust market is estimated at $38.37 billion USD and is projected to grow to $86.57 billion USD by 2030. Investments include not only tools but also organizational transformation, policy overhaul, and long-term architectural changes. When combined with strong, phishing-resistant multi-factor authentication (MFA) and AI-powered threat detection, a move toward zero trust will significantly enhance cybersecurity. However, help desks often lack robust identity verification, creating a critical vulnerability."
"The Marks & Spencer breach and the 2023 MGM Resorts attack highlight this issue. The group Scattered Spider turned social engineering into a science. They impersonated staff, bypassed weak protocols, and caused massive disruption. They exploited outdated workflows, studying organizations and mimicking internal language to deceive help desks. In the MGM attack, their help desk social engineering event led to over $100 million in damages and widespread disruption across hotels, casinos and their digital infrastructure."
Organizations are committing significant resources to zero trust, requiring strict verification and continuous monitoring of users, devices, and applications. The zero trust market is large and growing rapidly, and investments extend beyond tools to include organizational transformation, policy changes, and architectural redesign. Combining zero trust with phishing-resistant MFA and AI-driven threat detection strengthens cybersecurity posture. Help desks remain a major vulnerability because they mix legacy infrastructure, human interaction, and urgent access needs, and often lack robust identity verification. Attackers use social engineering and impersonation to exploit weak help desk processes, causing large-scale, process-driven breaches rather than isolated human errors.
Read at Securitymagazine